Hi, I'm a newcomer to ELK. Trying to get a few concepts wrapped in my head.
I've got several different devices (cisco, juniper, ubiquiti) pushing syslogs to our logstash.
I'm trying to figure out how to parse them based on format of of the message string.
Does grok pattern match the line and if it doesn't exactly match it tries the next match in sequence?
Also is there away to have the hosts or hosts.raw contain the fqdn via a inaddr dns lookup ?
Thank you
Does grok pattern match the line and if it doesn't exactly match it tries the next match in sequence?
Yes, if you have a grok filter with multiple expressions in it.
Also is there away to have the hosts or hosts.raw contain the fqdn via a inaddr dns lookup ?
Yes, see the dns filter.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.